How can I configure a custom response for AWS WAF managed rules?

3 minute read

I want to configure a custom response for requests that are blocked by an AWS WAF managed rule inside an AWS WAF managed rule group.

Resolution

Set the AWS WAF managed rule that you want to configure a custom response for in the Count rule action. Then, create a custom rule below the managed rule group to generate the custom response. If the request matches the label that the managed rule set in Count generates, then the response is sent.

The following example sets a custom response for the AWS WAF managed rule CrossSiteScripting_QueryArguments in the Core rule set (CRS) managed rule group.

Create a custom response message

Open the AWS WAF console in your AWS Region.
In the navigation pane, choose Web ACLs, and then choose your web access control list (web ACL).
Choose Custom response bodies, and then choose Create custom response body.
For Response body object name, enter a name.
For Content type, choose Plain text.
Note: The response body can be JSON, HTML, or plaintext.
In Response body, enter your response message, and then choose Save.

Note: Amazon CloudFront and Amazon API Gateway also support custom responses. However, AWS WAF custom responses take priority over any response specifications that are defined in your protected resource. For more information, see Custom responses for Block actions.

Create a custom rule to send the custom response

Open the AWS WAF console in your Region.
In the navigation pane, choose Web ACLs, and then choose your web ACL.
Choose the Rules tab, choose Add rules, and then choose Add my own rules and groups.
For Rule type, choose Rule builder.
For Name, enter a name for your rule.
For Type, choose Regular rule.
Choose the If a request dropdown list, and then choose matches the statement.
Choose the Inspect dropdown list, and then choose Has a label.
For Match scope, choose Label.
For Match key, enter the rule label. For example, awswaf:managed:aws:core-rule-set:CrossSiteScripting_QueryArguments.
For Action, choose Block.
Expand Custom response, and then choose Enable.
For Response code, enter your response code. For example, 307.
For Response headers, choose Add a new custom header.
For Key enter a header name.
For Value enter a header value.
In Choose how you would like to specify the response body - optional, choose the dropdown list.
Choose the custom response body that you created, and then choose Add Rule.

Note: For a list of supported HTTP status codes for custom responses, see Supported status codes for custom response.

Related information

How do I create complex custom AWS WAF JSON rules?

AWS Managed Rules rule groups list

Why is my AWS WAF custom rule not working?

Customize requests and responses with AWS WAF

Topics

Security, Identity, & Compliance

Relevant content

How to set custom Block response for managed rule sets in AWS WAF?
Anonymous
asked 2 years ago
[AWS WAF] Can't hit the rule with managed rules included in custom rules
Nam Tran
asked 2 years ago
WAF managed rule to prevent dotenv vulnerability
y0zg
asked 2 years ago
How to use a custom block action for AWS managed rules in WAFv2
Accepted Answer
HS
asked 7 months ago
WAF Managed Group Rules (notifications, etc)
Accepted Answer
MODERATOR
AWS-User-3650908
asked 4 years ago
Why is my AWS WAF custom rule not working?
AWS OFFICIALUpdated 2 years ago
How do I create complex custom AWS WAF JSON rules?
AWS OFFICIALUpdated 2 years ago
How do I allow requests from a bot blocked by AWS WAF Bot Control managed rule group?
AWS OFFICIALUpdated 2 years ago
How are the metrics and logs formatted for the count rule action in AWS WAF?
AWS OFFICIALUpdated 2 years ago
Amazon Managed Grafana now supports visualizing Prometheus Alertmanager rules and new configuration APIs
EXPERT
Priyanka Verma
published a year ago